
Topic: 2FA - Important Precautions with Google Authenticator - page 2. (Read 1188 times)

legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
There have been a couple of recent threads on the matter lately, and the key element to understand is what @bitmover points out in the OP: one needs to be concerned about the security of the 2FA itself, in terms of either making sure that they have kept all the backup codes to each site protected by 2FA, or use an alternative such as Authy, instead of Google Authenticator (for a better set of recovery options).

Recently, I encountered a case of a forum member that had his phone stolen, and was having a hell of a rough time deactivating 2FA and reactivating it through a new device on every site that he has protected by the 2FA that resided on his stolen phone.
Not only is the procedure time consuming without the backup codes, but there are some specific sites where the procedure can take weeks to months. Specifically, the forum member took various weeks to recover access to his HitBTC account, having to prove his ID via photographs, videos, details of recent TXs indicating the amounts, coin/tokens and dates involved. He also had to provide the date when he signed-up on HitBTC, current balance of each crypto, TX hashes, etc. A nightmare of details.

Better safe than sorry …

Note: Authy enables you to have an encrypted backup of your 2FA on the cloud, and install it on multiple devices sharing the same access codes. That for me is a deal breaker in relation to Google Authenticator.

newbie
Activity: 18
Merit: 0
Hi

Is Google Authenticator a legal one for transactions?
member
Activity: 462
Merit: 23
How to reset 2FA? My phone broke and I never wrote down the words that were given to me. Could anyone help me please?

To reset 2FA you need to log in to your account first, go to your account security and click on Reset Two Factor Authentication, then enter your new 2FA code to reset; remember to write down your QR code.
If you lost your phone you can use the QR code to restore your 2FA, but if you also lost the QR code, then there is not much you can do; the only solution is to contact exchange support and see if they can help you log in to your account. Sometimes they refuse to do that; that is why it is very important to write down the QR code and keep it in a safe place.
newbie
Activity: 3
Merit: 0
How to reset 2FA? My phone broke and I never wrote down the words that were given to me. Could anyone help me please?
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
What if I didn't save or copy the sequence of numbers before enabling the 2FA in any account?

Is there a possible way to review it again? Cause I don't want to use Authy due to some possible hacking intrusion issues.

Then, you cannot lose your phone.

You should copy the number sequence.
full member
Activity: 406
Merit: 100
What if I didn't save or copy the sequence of numbers before enabling the 2FA in any account?

Is there a possible way to review it again? Cause I don't want to use Authy due to some possible hacking intrusion issues.
newbie
Activity: 11
Merit: 0
I have two mobiles. One for normal use and one for Google Authenticator - this one is still offline and without internet. This is a good queue from me, stay safe guys.
jr. member
Activity: 84
Merit: 6
The problem with Google Authenticator is the inability to recover your account if you lost your phone. I therefore always prefer the use of SMS as verification to my account.

You can recover your account having GA, if you lost your phone
without a backup... read here
https://bitcointalksearch.org/topic/m.39156414
member
Activity: 238
Merit: 15
2FA is a must. I also recommend using an app over text messaging, as your phone can be hacked.
legendary
Activity: 2758
Merit: 6830
It seems you're knowledgeable about 2authy. Can you please teach us, with pictures if possible, how to do a backup? I have tried pressing every menu and still cannot find it.

edit: also on how to restore it. thanks in advance
After a simple "Authy backup" Google search:

https://authy.com/features/backup/
https://authy.com/blog/how-the-authy-two-factor-backups-work/

Everything is stored in the cloud, so you don't need to save any files.
jr. member
Activity: 309
Merit: 5
It seems you're knowledgeable about 2authy. Can you please teach us, with pictures if possible, how to do a backup? I have tried pressing every menu and still cannot find it.

edit: also on how to restore it. thanks in advance
newbie
Activity: 140
Merit: 0
Agreed 2fa is very important in security
hero member
Activity: 1834
Merit: 759
+1 don't use any SMS-based 2FA.

This is what happened last year when a user decided to protect his Coinbase account with text message verifications:
https://medium.com/@CodyBrown/how-to-lose-8k-worth-of-bitcoin-in-15-minutes-with-verizon-and-coinbase-com-ba75fb8d0bac

That's ridiculous. It looks more like a problem with Verizon's protocols than with SMS verification as a medium though. Still, this shows that there's more that could go wrong with it, and that you shouldn't use it when you have better alternatives available. I'd still say it's more secure than nothing though. Just remember that it's far from bullet proof as a security option.

As an extension, you should never keep your money on exchanges either. People seem to refuse to listen though. Exchanges bypass the cryptographic security built in with crypto by taking control of your private key, so it's just a bad idea no matter how you look at it.
legendary
Activity: 1652
Merit: 1483
But one thing that many people do not know is the fact that Google Authenticator (GA) does not save your 2FA accounts in your google account. So if you lose your phone you lose access to all accounts linked to your GA

that's sort of the point. your 2-factor is supposed to be "something you have" in addition to "something you know" (the password). if your 2FA token was recoverable via your google account, a hacker could compromise your google account to override your 2FA protection. this is similar to the porting attack with SMS 2-factor authentication.

So if you use GA it is worth taking at least one of these two precautions:
- You should always note the key when registering a 2FA account. Few people realize, but there is always a sequence of numbers below the QR code (or somewhere else on the website) when you register that account on your GA.
- Register the account on another device, such as a tablet.

good advice. i always have my tokens backed up on two devices, with a copy written down in a safe place.
newbie
Activity: 126
Merit: 0
WOW this is really helpful. Before I even realized it, most things that I log into prompt me to get my phone out to proceed. Will add my tablet and my second phone to these sites now, just to be safe. Had my phone stolen last year but thankfully didn't have any authenticators on it back then.

Good post
full member
Activity: 1204
Merit: 220
(ノಠ益ಠ)ノ
i noticed that you can recover fully working google auth app on ios. there is a difference in backup encryption between icloud backup and regular sync backup. successfully erased iphone and recover google auth app with all the codes in it like nothing happened. for me it worked over icloud. mbp sync got clean google auth app. so you might want to try to restore from icloud without connecting to the computer
full member
Activity: 728
Merit: 100
Completely agreed with the author of the topic, using two-factor authentication from Google is quite unsafe. If you use it on your everyday phone. If you lose your phone, you lose access to all your accounts with enabled two-factor authentication.
legendary
Activity: 3374
Merit: 3095
This is only for mobile, and I think it is better to add Windows devices.

I am using WinAuth on Windows 7; as of now this authenticator tool is still the best for me for desktops and laptops, because you can back up all added accounts in Google's KeyUriFormat, which can be imported to other devices or other authenticator apps.

Google's KeyUriFormat includes all of your secret keys, which you can use for recovery or import to another authenticator app or device.

I use WinAuth as my main authenticator and scan the QR code of the master key from WinAuth into Google Authenticator (I have never tried Authy as my authenticator), and you can then use your phone as your authenticator. If your phone is ever gone, you still have the backup on your laptop or desktop, and you can recover and import your secret key from WinAuth to a new device.